CVE-2012-2539

Name of the Vulnerable Software and Affected Versions Microsoft Word versions 2003 SP3, 2007 SP2 and SP3, and 2010 SP1 Word Viewer Office Compatibility Pack versions SP2 and SP3 Office Web Apps 2010 SP1

Description A remote code execution issue exists in the way affected Microsoft Office software parses specially crafted Rich Text Format (RTF) data, potentially allowing an attacker to take complete control of an affected system. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Users with fewer user rights on the system may be less impacted than those operating with administrative user rights.

Recommendations For Microsoft Word 2003 SP3, update to a version that is not affected by this issue. For Microsoft Word 2007 SP2 and SP3, update to a version that is not affected by this issue. For Microsoft Word 2010 SP1, update to a version that is not affected by this issue. For Word Viewer, update to a version that is not affected by this issue. For Office Compatibility Pack SP2 and SP3, update to a version that is not affected by this issue. For Office Web Apps 2010 SP1, update to a version that is not affected by this issue. As a temporary workaround, consider avoiding the use of crafted RTF data until a patch is available.